Cooper Bussmann Wireless Ethernet & Device Server BU-945U-E 802.11 DSSS User Manual
3.5 Network Configuration
You can view or modify Ethernet network parameters by selecting the “Network” menu. When prompted for username and password, enter “user” as the username, and “user” as the password in the password field (This is the factory default – See section 3.17 “Module Information Configuration” to change). If you have forgotten the IP address or password, the Factory Default switch may be used to access the existing configuration. Refer to previous section above for this procedure.
The Network Configuration page allows configuration of parameters related to the wired and wireless Ethernet interfaces. In general, IP address selection will be dependent upon the connected wired Ethernet device(s) – before connecting to an existing LAN consult the network administrator.
A system of BU-945U-Es must have at least one Access Point configured as a master with one or more Clients. All BU-945U-Es should be given the same System Address (ESSID) and Radio Encryption settings. For further information and examples on wireless network topologies refer section 1.1 “Network Topology” above.
The BU-945U-E supports several different radio encryption schemes. If utilizing any form of encryption, all modules in the system that communicate with each other will need the same encryption method and encryption keys.
WEP (Wired Equivalent Privacy) encryption is the weakest encryption method, defined by the original IEEE802.11 standard and uses a 40bit or 104bit key with a 24bit initialization vector to give a 64bit and 128bit WEP encryption level. WEP is not considered an effective security scheme, and should only be used if it is necessary to interoperate with other equipment which does not support more modern encryption methods.
WPA (Wi-Fi Protected Access) is a subset of the IEEE802.11i Security Enhancements specification.
The BU-945U-E supports WPA-1 TKIP and WPA-2 AES using a Pre-Shared Key (PSK).
•TKIP (Temporal Key Integrity Protocol) enhances WEP by using 128-bit encryption plus separate 64bit Tx and Rx MIC (Message Integrity Check) keys.
•AES (Advanced Encryption Standard), the most secure encryption method, is also based on 128-bit encryption key and is the recommended encryption method in most applications.
WPA-Enterprise (802.1x) removes the need to manage the Pre-shared Key (PSK) by using an external server to provide client authentication. Clients that are not authorized will be prevented from accessing the network. Once a client has provided the correct authentication credentials, access is permitted and data encryption keys are established, similar to WPA-PSK. Fine-grain (user level) access control can be achieved using this method.
An 802.1x capable RADIUS server may already be deployed in a large scale network environment. The BU-945U-E can make use of this server reducing replication of user authentication information.
In a typical WPA-enterprise setup, the BU-945U-E Access point acts as Authenticator, controlling access to the network. Wireless clients (BU-945U-Es, Laptops or other devices) act as Supplicants, requesting access to the network. The Authenticator communicates with an authenti- cation (RADIUS) server on the Ethernet network to verify Supplicant identity. When a Supplicant requests access, it sends an access request to the Authenticator, which passes an authentication request to the external authentication server. When the user credentials of the Supplicant are verified, the Authenticator enables network access for the Supplicant, data encryption keys are established, and network traffic can pass.
Configuration of WPA-Enterprise differs when the unit is configured as an Access point (Authenticator) or Client (Supplicant).
If WDS interfaces are used, it is possible for one BU-945U-E to act as both an Authenticator and a Supplicant, however in this situation, only one set of user credentials can be entered for all Supplicants.
After changes are made to Network Configuration, it is important to save the configuration by selecting “Save Changes” or by selecting “Save Changes and Reset.”
Note: If making changes to a remote module via the radio link please make sure all changes are compliant and accurate before pressing the “Save to flash and reset” button. Some field changes may stop the radio link from working and will require a hard wire connection to change back.
